BJA-600 added explicit support for Signature Target.

pg/src/main/java/org/bouncycastle/bcpg/sig/SignatureTarget.java

@@ -0,0 +1,44 @@
+package org.bouncycastle.bcpg.sig;
+
+import org.bouncycastle.bcpg.SignatureSubpacket;
+import org.bouncycastle.bcpg.SignatureSubpacketTags;
+import org.bouncycastle.util.Arrays;
+
+/**
+ * RFC 4880, Section 5.2.3.25 - Signature Target subpacket.
+ */
+public class SignatureTarget
+    extends SignatureSubpacket
+{
+    public SignatureTarget(
+        boolean    critical,
+        boolean    isLongLength,
+        byte[]     data)
+    {
+        super(SignatureSubpacketTags.SIGNATURE_TARGET, critical, isLongLength, data);
+    }
+
+    public SignatureTarget(
+        boolean    critical,
+        int        publicKeyAlgorithm,
+        int        hashAlgorithm,
+        byte[]     hashData)
+    {
+        super(SignatureSubpacketTags.SIGNATURE_TARGET, critical, false, Arrays.concatenate(new byte[] { (byte)publicKeyAlgorithm, (byte)hashAlgorithm }, hashData));
+    }
+
+    public int getPublicKeyAlgorithm()
+    {
+        return data[0] & 0xff;
+    }
+
+    public int getHashAlgorithm()
+    {
+        return data[1] & 0xff;
+    }
+
+    public byte[] getHashData()
+    {
+        return Arrays.copyOfRange(data, 2, data.length);
+    }
+}

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java

@@ -22,6 +22,7 @@
 import org.bouncycastle.bcpg.sig.RevocationReason;
 import org.bouncycastle.bcpg.sig.SignatureCreationTime;
 import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
+import org.bouncycastle.bcpg.sig.SignatureTarget;
 import org.bouncycastle.bcpg.sig.SignerUserID;
 import org.bouncycastle.bcpg.sig.TrustSignature;
 
@@ -192,13 +193,21 @@ public void setRevocationKey(boolean isCritical, int keyAlgorithm, byte[] finger
     }
 
     /**
-     * Sets issuer key sub packe
+     * Sets issuer key sub packet
      */
     public void setIssuerKeyID(boolean isCritical, long keyID)
     {
         list.add(new IssuerKeyID(isCritical, keyID));
     }
 
+    /**
+     * Sets a signature target sub packet.
+     */
+    public void setSignatureTarget(boolean isCritical, int publicKeyAlgorithm, int hashAlgorithm, byte[] hashData)
+    {
+        list.add(new SignatureTarget(isCritical, publicKeyAlgorithm, hashAlgorithm, hashData));
+    }
+
     public PGPSignatureSubpacketVector generate()
     {
         return new PGPSignatureSubpacketVector(

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java

@@ -17,6 +17,7 @@
 import org.bouncycastle.bcpg.sig.PrimaryUserID;
 import org.bouncycastle.bcpg.sig.SignatureCreationTime;
 import org.bouncycastle.bcpg.sig.SignatureExpirationTime;
+import org.bouncycastle.bcpg.sig.SignatureTarget;
 import org.bouncycastle.bcpg.sig.SignerUserID;
 
 /**
@@ -279,6 +280,18 @@ public int[] getCriticalTags()
         return list;
     }
 
+    public SignatureTarget getSignatureTarget()
+    {
+        SignatureSubpacket    p = this.getSubpacket(SignatureSubpacketTags.SIGNATURE_TARGET);
+
+        if (p == null)
+        {
+            return null;
+        }
+
+        return new SignatureTarget(p.isCritical(), p.isLongLength(), p.getData());
+    }
+
     public Features getFeatures()
     {
         SignatureSubpacket    p = this.getSubpacket(SignatureSubpacketTags.FEATURES);

pg/src/test/java/org/bouncycastle/openpgp/test/PGPSignatureTest.java

@@ -18,6 +18,7 @@
 import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.bouncycastle.bcpg.sig.KeyFlags;
 import org.bouncycastle.bcpg.sig.NotationData;
+import org.bouncycastle.bcpg.sig.SignatureTarget;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPLiteralData;
@@ -43,7 +44,9 @@
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
 import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.io.Streams;
 import org.bouncycastle.util.test.SimpleTest;
 import org.bouncycastle.util.test.UncloseableOutputStream;
@@ -673,6 +676,7 @@ public void performTest()
         testKeyFlagsValues();
 
         testSubpacketGenerator();
+        testSignatureTarget();
         testUserAttributeEncoding();
     }
 
@@ -710,6 +714,38 @@ private void checkUserAttribute(String type, PGPPublicKeyRing pkr, PGPPublicKey
         }
     }
 
+    private void testSignatureTarget()
+    {
+        byte[] hash = Hex.decode("0001020304050607080910111213141516171819");
+        PGPSignatureSubpacketGenerator sGen = new PGPSignatureSubpacketGenerator();
+
+        sGen.setSignatureTarget(true, PublicKeyAlgorithmTags.ECDSA, HashAlgorithmTags.SHA1, hash);
+
+        PGPSignatureSubpacketVector sVec = sGen.generate();
+
+        isTrue("no sig target", sVec.hasSubpacket(SignatureSubpacketTags.SIGNATURE_TARGET));
+
+        SignatureTarget sigTarg = sVec.getSignatureTarget();
+
+        isTrue("wrong critical", sigTarg.isCritical());
+        isTrue("wrong key alg", PublicKeyAlgorithmTags.ECDSA == sigTarg.getPublicKeyAlgorithm());
+        isTrue("wrong hash alg", HashAlgorithmTags.SHA1 == sigTarg.getHashAlgorithm());
+        isTrue("wrong hash data", Arrays.areEqual(hash, sigTarg.getHashData()));
+
+        sGen = new PGPSignatureSubpacketGenerator();
+
+        sGen.setSignatureTarget(false, PublicKeyAlgorithmTags.RSA_SIGN, HashAlgorithmTags.SHA256, hash);
+
+        sVec = sGen.generate();
+
+        sigTarg = sVec.getSignatureTarget();
+
+        isTrue("wrong critical", !sigTarg.isCritical());
+        isTrue("wrong key alg", PublicKeyAlgorithmTags.RSA_SIGN == sigTarg.getPublicKeyAlgorithm());
+        isTrue("wrong hash alg", HashAlgorithmTags.SHA256 == sigTarg.getHashAlgorithm());
+        isTrue("wrong hash data", Arrays.areEqual(hash, sigTarg.getHashData()));
+    }
+
     private void testSubpacketGenerator()
     {
         PGPSignatureSubpacketGenerator sGen = new PGPSignatureSubpacketGenerator();